CVE-2024-0136

CWE-6534 documents4 sources

Severity

8.4HIGH

EPSS

0.1%

top 72.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Nvidia Container Toolkit Nvidia Nvidia GPU Operator

Timeline

PublishedJan 28

Description

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:HExploitability: 1.0 | Impact: 6.0

Affected Packages4 packages

▶NVDnvidia/nvidia_container_toolkit< 1.17.3

▶CVEListV5nvidia/nvidia_container_toolkitAll versions up to and including v1.17.0

▶NVDnvidia/nvidia_gpu_operator< 24.9.1

▶CVEListV5nvidia/nvidia_gpu_operatorAll versions up to and including 24.9.0

🔴Vulnerability Details

CVEList

CVE-2024-0136: NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining↗2025-01-28

▶

GHSA

GHSA-vcfp-63cx-4h59: NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining↗2025-01-28

▶

📋Vendor Advisories

Red Hat

nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit↗2025-01-28

▶